yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #28774
[Bug 1425294] [NEW] security-group is not applied correctly when port-id is used for the --nic option in "nova boot"
Public bug reported:
When port-id is used for the --nic option in "nove boot" command, the
user defined security-group is not applied.
E.g. user defined security-group is my-secgroup. It is specified with
the --security-groups option in "nova boot". However, if port-id is
used for the --nic option, my-secgroup is not applied to the VM.
ubuntu@trusty1:~/devstack$ nova secgroup-list-rules my-secgroup
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp | -1 | -1 | 0.0.0.0/0 | |
+-------------+-----------+---------+-----------+--------------+
ubuntu@trusty1:~/devstack$ neutron port-list
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------+
| id | name | mac_address | fixed_ips |
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------+
| 377399f0-0ad9-4e96-9964-61d92356eadb | | fa:16:3e:23:8a:2a | {"subnet_id": "53268e08-3c2c-4a05-978a-421990525e57", "ip_address": "10.0.0.3"} |
| dc063749-b0ca-47b5-bfa4-a973347bc5a2 | | fa:16:3e:80:31:31 | {"subnet_id": "53268e08-3c2c-4a05-978a-421990525e57", "ip_address": "10.0.0.2"} |
| e9ec22e7-d832-46dc-8a11-a674d4d129fd | | fa:16:3e:8d:ac:b1 | {"subnet_id": "53268e08-3c2c-4a05-978a-421990525e57", "ip_address": "10.0.0.1"} |
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------+
ubuntu@trusty1:~/devstack$ nova boot --image cirros-0.3.2-x86_64-uec --flavor 42 --nic port-id=dc063749-b0ca-47b5-bfa4-a973347bc5a2 --security-groups my-secgroup vm1
+--------------------------------------+----------------------------------------------------------------+
| Property | Value |
+--------------------------------------+----------------------------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | nova |
| OS-EXT-STS:power_state | 0 |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | - |
| OS-SRV-USG:terminated_at | - |
| accessIPv4 | |
| accessIPv6 | |
| adminPass | zrgTYi74KhNv |
| config_drive | |
| created | 2015-02-24T21:24:19Z |
| flavor | m1.nano (42) |
| hostId | |
| id | e7745c0d-df15-4239-b9ba-4031d385f1ac |
| image | cirros-0.3.2-x86_64-uec (2fb4309a-8404-4a00-aeae-430f3578b48a) |
| key_name | - |
| metadata | {} |
| name | vm1 |
| os-extended-volumes:volumes_attached | [] |
| progress | 0 |
| security_groups | my-secgroup |
| status | BUILD |
| tenant_id | 33d253dbedc242d58890fbb713e7f386 |
| updated | 2015-02-24T21:24:19Z |
| user_id | 51df3c5e3fff428b9dfabeb2e6fa8545 |
+--------------------------------------+----------------------------------------------------------------+
ubuntu@trusty1:~/devstack$ nova show vm1
+--------------------------------------+----------------------------------------------------------------+
| Property | Value |
+--------------------------------------+----------------------------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | nova |
| OS-EXT-STS:power_state | 1 |
| OS-EXT-STS:task_state | - |
| OS-EXT-STS:vm_state | active |
| OS-SRV-USG:launched_at | 2015-02-24T21:24:32.000000 |
| OS-SRV-USG:terminated_at | - |
| accessIPv4 | |
| accessIPv6 | |
| config_drive | |
| created | 2015-02-24T21:24:19Z |
| flavor | m1.nano (42) |
| hostId | 1f88f0ab3336536e79a7e54bb71b28d4cf99f43b1ae434709595050f |
| id | e7745c0d-df15-4239-b9ba-4031d385f1ac |
| image | cirros-0.3.2-x86_64-uec (2fb4309a-8404-4a00-aeae-430f3578b48a) |
| key_name | - |
| metadata | {} |
| name | vm1 |
| os-extended-volumes:volumes_attached | [] |
| private network | 10.0.0.2 |
| progress | 0 |
| security_groups | default | <<<<< INCORRECT
| status | ACTIVE |
| tenant_id | 33d253dbedc242d58890fbb713e7f386 |
| updated | 2015-02-24T21:24:32Z |
| user_id | 51df3c5e3fff428b9dfabeb2e6fa8545 |
+--------------------------------------+----------------------------------------------------------------+
** Affects: nova
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1425294
Title:
security-group is not applied correctly when port-id is used for the
--nic option in "nova boot"
Status in OpenStack Compute (Nova):
New
Bug description:
When port-id is used for the --nic option in "nove boot" command, the
user defined security-group is not applied.
E.g. user defined security-group is my-secgroup. It is specified with
the --security-groups option in "nova boot". However, if port-id is
used for the --nic option, my-secgroup is not applied to the VM.
ubuntu@trusty1:~/devstack$ nova secgroup-list-rules my-secgroup
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp | -1 | -1 | 0.0.0.0/0 | |
+-------------+-----------+---------+-----------+--------------+
ubuntu@trusty1:~/devstack$ neutron port-list
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------+
| id | name | mac_address | fixed_ips |
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------+
| 377399f0-0ad9-4e96-9964-61d92356eadb | | fa:16:3e:23:8a:2a | {"subnet_id": "53268e08-3c2c-4a05-978a-421990525e57", "ip_address": "10.0.0.3"} |
| dc063749-b0ca-47b5-bfa4-a973347bc5a2 | | fa:16:3e:80:31:31 | {"subnet_id": "53268e08-3c2c-4a05-978a-421990525e57", "ip_address": "10.0.0.2"} |
| e9ec22e7-d832-46dc-8a11-a674d4d129fd | | fa:16:3e:8d:ac:b1 | {"subnet_id": "53268e08-3c2c-4a05-978a-421990525e57", "ip_address": "10.0.0.1"} |
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------+
ubuntu@trusty1:~/devstack$ nova boot --image cirros-0.3.2-x86_64-uec --flavor 42 --nic port-id=dc063749-b0ca-47b5-bfa4-a973347bc5a2 --security-groups my-secgroup vm1
+--------------------------------------+----------------------------------------------------------------+
| Property | Value |
+--------------------------------------+----------------------------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | nova |
| OS-EXT-STS:power_state | 0 |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | - |
| OS-SRV-USG:terminated_at | - |
| accessIPv4 | |
| accessIPv6 | |
| adminPass | zrgTYi74KhNv |
| config_drive | |
| created | 2015-02-24T21:24:19Z |
| flavor | m1.nano (42) |
| hostId | |
| id | e7745c0d-df15-4239-b9ba-4031d385f1ac |
| image | cirros-0.3.2-x86_64-uec (2fb4309a-8404-4a00-aeae-430f3578b48a) |
| key_name | - |
| metadata | {} |
| name | vm1 |
| os-extended-volumes:volumes_attached | [] |
| progress | 0 |
| security_groups | my-secgroup |
| status | BUILD |
| tenant_id | 33d253dbedc242d58890fbb713e7f386 |
| updated | 2015-02-24T21:24:19Z |
| user_id | 51df3c5e3fff428b9dfabeb2e6fa8545 |
+--------------------------------------+----------------------------------------------------------------+
ubuntu@trusty1:~/devstack$ nova show vm1
+--------------------------------------+----------------------------------------------------------------+
| Property | Value |
+--------------------------------------+----------------------------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | nova |
| OS-EXT-STS:power_state | 1 |
| OS-EXT-STS:task_state | - |
| OS-EXT-STS:vm_state | active |
| OS-SRV-USG:launched_at | 2015-02-24T21:24:32.000000 |
| OS-SRV-USG:terminated_at | - |
| accessIPv4 | |
| accessIPv6 | |
| config_drive | |
| created | 2015-02-24T21:24:19Z |
| flavor | m1.nano (42) |
| hostId | 1f88f0ab3336536e79a7e54bb71b28d4cf99f43b1ae434709595050f |
| id | e7745c0d-df15-4239-b9ba-4031d385f1ac |
| image | cirros-0.3.2-x86_64-uec (2fb4309a-8404-4a00-aeae-430f3578b48a) |
| key_name | - |
| metadata | {} |
| name | vm1 |
| os-extended-volumes:volumes_attached | [] |
| private network | 10.0.0.2 |
| progress | 0 |
| security_groups | default | <<<<< INCORRECT
| status | ACTIVE |
| tenant_id | 33d253dbedc242d58890fbb713e7f386 |
| updated | 2015-02-24T21:24:32Z |
| user_id | 51df3c5e3fff428b9dfabeb2e6fa8545 |
+--------------------------------------+----------------------------------------------------------------+
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1425294/+subscriptions
Follow ups
References